feat(server): role based authentication system (#2434)

- Parse toml configuration file, see https://github.com/qdm12/gluetun-wiki/blob/main/setup/advanced/control-server.md#authentication - Retro-compatible with existing AND documented routes, until after v3.41 release - Log a warning if an unprotected-by-default route is accessed unprotected - Authentication methods: none, apikey, basic - `genkey` command to generate API keys Co-authored-by: Joe Jose <45399349+joejose97@users.noreply.github.com>
2024-09-18 13:29:36 +02:00
parent 07651683f9
commit a2e76e1683
25 changed files with 920 additions and 10 deletions
--- a/internal/server/handler.go
+++ b/internal/server/handler.go
@@ -2,14 +2,17 @@ package server

 import (
 	"context"
+	"fmt"
 	"net/http"
 	"strings"

 	"github.com/qdm12/gluetun/internal/models"
+	"github.com/qdm12/gluetun/internal/server/middlewares/auth"
 	"github.com/qdm12/gluetun/internal/server/middlewares/log"
 )

-func newHandler(ctx context.Context, logger infoWarner, logging bool,
+func newHandler(ctx context.Context, logger Logger, logging bool,
+	authSettings auth.Settings,
 	buildInfo models.BuildInformation,
 	vpnLooper VPNLooper,
 	pfGetter PortForwardedGetter,
@@ -18,7 +21,7 @@ func newHandler(ctx context.Context, logger infoWarner, logging bool,
 	publicIPLooper PublicIPLoop,
 	storage Storage,
 	ipv6Supported bool,
-) (httpHandler http.Handler) {
+) (httpHandler http.Handler, err error) {
 	handler := &handler{}

 	vpn := newVPNHandler(ctx, vpnLooper, storage, ipv6Supported, logger)
@@ -30,14 +33,20 @@ func newHandler(ctx context.Context, logger infoWarner, logging bool,
 	handler.v0 = newHandlerV0(ctx, logger, vpnLooper, dnsLooper, updaterLooper)
 	handler.v1 = newHandlerV1(logger, buildInfo, vpn, openvpn, dns, updater, publicip)

+	authMiddleware, err := auth.New(authSettings, logger)
+	if err != nil {
+		return nil, fmt.Errorf("creating auth middleware: %w", err)
+	}
+
 	middlewares := []func(http.Handler) http.Handler{
+		authMiddleware,
 		log.New(logger, logging),
 	}
 	httpHandler = handler
 	for _, middleware := range middlewares {
 		httpHandler = middleware(httpHandler)
 	}
-	return httpHandler
+	return httpHandler, nil
 }

 type handler struct {